Merge pull request from GHSA-j35p-p8pj-vqxq

src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA
2025-07-13 19:24:57 +03:00 · 2024-06-22 18:57:28 +02:00 · 2024-06-22 18:53:35 +02:00 · 2024-06-18 22:41:52 +02:00 · 2024-06-18 16:09:10 -04:00 · 2024-06-18 14:55:45 -04:00
3 changed files with 10 additions and 33 deletions
--- a/src/Cedar/Proto_IKE.c
+++ b/src/Cedar/Proto_IKE.c
@ -463,39 +463,13 @@ void ProcIPsecEspPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
 	seq = READ_UINT(src + sizeof(UINT));

 	// Search and retrieve the IPsec SA from SPI
+
+	// thank to @phillibert report, responding to bad SA might lead to amplification
+	// according to RFC4303 we should drop such packets
+
 	ipsec_sa = SearchClientToServerIPsecSaBySpi(ike, spi);
 	if (ipsec_sa == NULL)
 	{
-		// Invalid SPI
-		UINT64 init_cookie = Rand64();
-		UINT64 resp_cookie = 0;
-		IKE_CLIENT *c = NULL;
-		IKE_CLIENT t;
-
-
-		Copy(&t.ClientIP, &p->SrcIP, sizeof(IP));
-		t.ClientPort = p->SrcPort;
-		Copy(&t.ServerIP, &p->DstIP, sizeof(IP));
-		t.ServerPort = p->DestPort;
-		t.CurrentIkeSa = NULL;
-
-		if (p->DestPort == IPSEC_PORT_IPSEC_ESP_RAW)
-		{
-			t.ClientPort = t.ServerPort = IPSEC_PORT_IPSEC_ISAKMP;
-		}
-
-		c = Search(ike->ClientList, &t);
-
-		if (c != NULL && c->CurrentIkeSa != NULL)
-		{
-			init_cookie = c->CurrentIkeSa->InitiatorCookie;
-			resp_cookie = c->CurrentIkeSa->ResponderCookie;
-		}
-
-		SendInformationalExchangePacketEx(ike, (c == NULL ? &t : c), IkeNewNoticeErrorInvalidSpiPayload(spi), false,
-			init_cookie, resp_cookie);
-
-		SendDeleteIPsecSaPacket(ike, (c == NULL ? &t : c), spi);
 		return;
 	}

--- a/src/Mayaqua/Network.c
+++ b/src/Mayaqua/Network.c
@ -25,7 +25,6 @@

 #include <openssl/err.h>
 #include <openssl/ssl.h>
-#include <openssl/provider.h>

 #ifdef OS_UNIX
 #include <fcntl.h>
@ -11906,8 +11905,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 		Unlock(openssl_lock);
 	}

-	SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
-
+	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		SSL_set1_groups_list(sock->ssl, PQ_GROUP_LIST);
+	#endif
+	
 	if (sock->ServerMode)
 	{
 //		Lock(ssl_connect_lock);
--- a/src/Mayaqua/Network.h
+++ b/src/Mayaqua/Network.h
@ -59,7 +59,9 @@ struct DYN_VALUE

 #define	DEFAULT_CIPHER_LIST			"ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:ECDHE+AES256:DHE+AES256:RSA+AES"

+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #define PQ_GROUP_LIST				"p521_kyber1024:x25519_kyber768:P-521:X25519:P-256"
+#endif

 // SSL logging function
 //#define	ENABLE_SSL_LOGGING
Author	SHA1	Message	Date
Ilya Shipitsin	c2a7aa5481	Merge pull request from GHSA-j35p-p8pj-vqxq src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA	2024-06-22 18:57:28 +02:00
Ilia Shipitsin	6f57449164	src/Cedar/Proto_IKE.c: ignore packets with no IPSec SA many thanks to Jonathan Phillibert from Amazon Web Services for investigating and reporting that responding to such packets might lead to traffic amplification	2024-06-22 18:53:35 +02:00
Ilya Shipitsin	bc31a5cfd3	Merge pull request #2002 from siddharth-narayan/quantum-safe-key-agreement Add Post Quantum key agreement	2024-06-18 22:41:52 +02:00
Siddharth	68964ab0d7	Guard variables with OpenSSL version	2024-06-18 16:09:10 -04:00
siddharth-narayan	bf3c50fde4	Merge branch 'SoftEtherVPN:master' into quantum-safe-key-agreement	2024-06-18 14:55:45 -04:00
Siddharth	b06486b37d	Remove unecessary provider include	2024-06-18 00:01:58 -04:00